Turning Jenkins Into a Cryptomining Machine From an Attackers Perspective
This report analyzes how threat actors can exploit misconfigured Jenkins servers to execute malicious Groovy scripts leading to activities like deploying cryptocurrency miners. Misconfigurations exposing the /script endpoint allow remote code execution enabling attackers to run scripts that download and execute miner binaries while maintaining persistence through cron jobs and systemd utilities.